From: Mark Wielaard
Date: Mon, 27 Mar 2017 23:25:34 +0000 (+0200)
Subject: elflint: Sanity check the number of phdrs and shdrs available.
X-Git-Tag: elfutils-0.169~28
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4314716cd498bb51639db717bd7ce6182de33322;p=thirdparty%2Felfutils.git

elflint: Sanity check the number of phdrs and shdrs available.

Make sure we can at least read the shnum sections or phnum segments. Limit the number we do check to those we can actually read.

https://sourceware.org/bugzilla/show_bug.cgi?id=21312

Signed-off-by: Mark Wielaard
---
diff --git a/src/ChangeLog b/src/ChangeLog
index 70744bcf7..d285e068b 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,7 @@
+2017-03-27 Mark Wielaard
+
+ * elflint.c (check_elf_header): Sanity check phnum and shnum.
+
 2017-03-27 Mark Wielaard
 
 * elflint.c (check_sysv_hash): Return early if section size is
diff --git a/src/elflint.c b/src/elflint.c
index 5e95ca959..6c83a773e 100644
--- a/src/elflint.c
+++ b/src/elflint.c
@@ -456,6 +456,19 @@ invalid number of section header table entries\n"));
 ERROR (gettext ("invalid section header index\n"));
 }
 
+ /* Check the shdrs actually exist. */
+ unsigned int scnt;
+ Elf_Scn *scn = NULL;
+ for (scnt = 1; scnt < shnum; ++scnt)
+ {
+ scn = elf_nextscn (ebl->elf, scn);
+ if (scn == NULL)
+ break;
+ }
+ if (scnt < shnum)
+ ERROR (gettext ("Can only check %u headers, shnum was %u\n"), scnt, shnum);
+ shnum = scnt;
+
 phnum = ehdr->e_phnum;
 if (ehdr->e_phnum == PN_XNUM)
 {
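Review bot: When shnum is 0 on entry to the added shdr block, the loop `for (scnt = 1; scnt < shnum; ++scnt)` never runs and scnt keeps its initial value 1, so the unconditional `shnum = scnt;` raises shnum from 0 to 1 instead of clamping it. Whether shnum can be 0 at this point (for example for a file without a section header table) is not visible in the hunk, but assigning only on a shortfall avoids the question: `if (scnt < shnum) { ERROR (...); shnum = scnt; }`. The enclosing function starts before the hunk and continues after it.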
@@ -474,6 +487,19 @@ invalid number of program header table entries\n"));
 }
 }
 
+ /* Check the phdrs actually exist. */
+ unsigned int pcnt;
+ for (pcnt = 0; pcnt < phnum; ++pcnt)
+ {
+ GElf_Phdr phdr_mem;
+ GElf_Phdr *phdr = gelf_getphdr (ebl->elf, pcnt, &phdr_mem);
+ if (phdr == NULL)
+ break;
+ }
+ if (pcnt < phnum)
+ ERROR (gettext ("Can only check %u headers, phnum was %u\n"), pcnt, phnum);
+ phnum = pcnt;
+
 /* Check the e_flags field. */
 if (!ebl_machine_flag_check (ebl, ehdr->e_flags))
 ERROR (gettext ("invalid machine flags: %s\n"),
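Review bot: The comment `/* Check the phdrs actually exist. */` leaves out the part that matters to whatever reads phnum afterwards: once the loop ends, `phnum = pcnt;` lowers phnum to the number of program headers gelf_getphdr could actually return. I would say so in the comment, e.g. `/* Count the phdrs that can actually be read and clamp phnum to that, so later checks only visit readable entries. */`; the shdr comment in the preceding elflint.c hunk could take the same wording. The `phdr` pointer is only compared with NULL, so `if (gelf_getphdr (ebl->elf, pcnt, &phdr_mem) == NULL) break;` would do without the extra local. The enclosing function begins and ends outside the hunk.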